diff --git a/libpcp/key.c b/libpcp/key.c
index c00bfa3..1b67581 100644
--- a/libpcp/key.c
+++ b/libpcp/key.c
@@ -408,7 +408,7 @@ int pcp_sanitycheck_key(pcp_key_t *key) {
   struct tm *c;
   time_t t = (time_t)key->ctime;
   c = localtime(&t);
-  if(c->tm_year <= 0 || c->tm_year > 1100) {
+  if(c->tm_year <= 70 || c->tm_year > 1100) {
     /*  well, I'm perhaps overacting here :) */
     fatal("Secretkey sanity check: invalid creation timestamp (got year %04d)!\n", c->tm_year + 1900);
     return 1;
diff --git a/tests/invalidkeys.c b/tests/invalidkeys.c
index 120de01..8b90fe7 100644
--- a/tests/invalidkeys.c
+++ b/tests/invalidkeys.c
@@ -20,12 +20,11 @@ int main() {
   pcp_key_t *key = pcpkey_encrypt(k, pw);
 
   int i;
-  for(i=0; i<5; i++)
-    mkinv(key, i);
+  for(i=0; i<3; i++)
+    mkinvalid_secret(key, i);
 
-  pcp_pubkey_t *pub = pcpkey_pub_from_secret(key);
   for(i=0; i<4; i++)
-    mkinvp(pub, i);
+    mkinvalid_public(key, i);
 
   mkinvv("testvault-invalidheader",  0);
   mkinvv("testvault-invalidversion",  1);
@@ -103,64 +102,72 @@ void mkinvv(const char *name, int type) {
   fclose(v->fd);
 }
 
-void mkinvp(pcp_pubkey_t *k, int type) {
-  pcp_pubkey_t *key = ucmalloc(sizeof(pcp_pubkey_t));
-  memcpy(key, k, sizeof(pcp_pubkey_t));
-
-  switch(type) {
-  case 0:
-    key->type = 0;
-    pcppubkey_print(key, F("testpubkey-wrong-type"));
-    break;
-  case 1:
-    key->version = 0;
-    pcppubkey_print(key, F("testpubkey-wrong-version"));
-    break;
-  case 2:
-    key->serial = 0;
-    pcppubkey_print(key, F("testpubkey-wrong-serial"));
-    break;
-  case 3:
-    key->id[16] = 0x3e;
-    pcppubkey_print(key, F("testpubkey-invalid-id"));
-    break;
-  case 4:
-    key->ctime = 0;
-    pcppubkey_print(key, F("testpubkey-invalid-ctime"));
-    break;
-  }
-}
-
-void mkinv(pcp_key_t *k, int type) {
+void mkinvalid_public(pcp_key_t *k, int type) {
   pcp_key_t *key = ucmalloc(sizeof(pcp_key_t));
   memcpy(key, k, sizeof(pcp_key_t));
+  FILE *fd = NULL;
 
   switch(type) {
   case 0:
-    key->encrypted[0] = 0;
-    pcpkey_print(key, F("testkey-not-encrypted"));
+    key->type = 0;
+    fd = F("testpubkey-wrong-type");
     break;
   case 1:
-    key->type = 0;
-    pcpkey_print(key, F("testkey-wrong-type"));
+    key->version = 0;
+    fd = F("testpubkey-wrong-version");
     break;
   case 2:
-    key->version = 0;
-    pcpkey_print(key, F("testkey-wrong-version"));
+    key->serial = 0;
+    fd = F("testpubkey-wrong-serial");
     break;
   case 3:
-    key->serial = 0;
-    pcpkey_print(key, F("testkey-wrong-serial"));
-    break;
-  case 4:
-    key->id[16] = 0x1;
-    pcpkey_print(key, F("testkey-invalid-id"));
-    break;
-  case 5:
     key->ctime = 0;
-    pcpkey_print(key, F("testkey-invalid-ctime"));
+    fd = F("testpubkey-invalid-ctime");
     break;
   }
+
+  if(fd != NULL) {
+    Buffer *b = pcp_export_rfc_pub(key);
+    fwrite(buffer_get(b), 1, buffer_size(b), fd);
+    fclose(fd);
+  }
+
+  free(key);
+}
+
+void mkinvalid_secret(pcp_key_t *k, int type) {
+  pcp_key_t *key = ucmalloc(sizeof(pcp_key_t));
+  memcpy(key, k, sizeof(pcp_key_t));
+  FILE *fd = NULL;
+
+    fprintf(stderr, "fd test %d\n", type);
+
+  switch(type) {
+  case 0:
+    key->version = 0;
+    fd = F("testkey-wrong-version");
+    break;
+  case 1:
+    key->serial = 0;
+    fd = F("testkey-wrong-serial");
+    break;
+  case 2:
+    key->ctime = 0;
+    fd = F("testkey-invalid-ctime");
+    break;
+  }
+
+  if(fd != NULL) {
+    pcp_dumpkey(key);
+    Buffer *b = pcp_export_secret(key, "xxx");
+    fwrite(buffer_get(b), 1, buffer_size(b), fd);
+    fclose(fd);
+  }
+  else {
+    fprintf(stderr, "fd not opened for test %d\n", type);
+  }
+
+  free(key);
 }
 
 FILE *F(char *filename) {
diff --git a/tests/invalidkeys.h b/tests/invalidkeys.h
index 694f2d0..674eaf2 100644
--- a/tests/invalidkeys.h
+++ b/tests/invalidkeys.h
@@ -10,8 +10,8 @@
 #include "key.h"
 #include "vault.h"
 
-void mkinv(pcp_key_t *k, int type);
-void mkinvp(pcp_pubkey_t *k, int type);
+void mkinvalid_secret(pcp_key_t *k, int type);
+void mkinvalid_public(pcp_key_t *k, int type);
 void mkinvv(const char *name, int type);
 FILE *F(char *filename);
 
diff --git a/tests/unittests.cfg b/tests/unittests.cfg
index 880ad91..da63cbf 100644
--- a/tests/unittests.cfg
+++ b/tests/unittests.cfg
@@ -441,38 +441,23 @@ temporarily disabled
   expect = /contain any keys so far/
 </test>
 
-/*
-disabled, need to re-design invalidkeys.c in order to catch up with new format
-
-<test check-testkey-invalid-id>
+<test invalid>
   prepare = ./invalidkeys
-  cmd = $pcp -V $vault -S -I testkey-invalid-id
-  expect /(invalid key id|could not decode input)/
-</test>
-
-<test check-testkey-not-encrypted>
-  cmd = $pcp -V $vault -S -I testkey-not-encrypted
-  expect = /secret key contained in key seems to be empty/
-</test>
-
-<test check-testkey-wrong-type>
-  cmd = $pcp -V $vault -S -I testkey-wrong-type
-  expect = /key type is not SECRET/
-</test>
 
 <test check-testkey-wrong-version>
-  cmd = $pcp -V $vault -S -I testkey-wrong-version
+  cmd = $pcp -V $vault -S -I testkey-wrong-version -x xxx
   expect = /unknown key version/
 </test>
 
-
-
-<test check-testpubkey-invalid-id>
-  prepare = ./invalidkeys
-  cmd = $pcp -V $vault -P -I testpubkey-invalid-id
-  expect = /(invalid key id|could not decode input)/
+<test check-testkey-wrong-serial>
+  cmd = $pcp -V $vault -S -I testkey-wrong-serial -x xxx
+  expect = /invalid serial number/
 </test>
-
+<test check-testkey-wrong-ctime>
+  cmd = $pcp -V $vault -S -I testkey-invalid-ctime -x xxx
+  expect = /invalid creation timestamp/
+</test>
+/*
 <test check-testpubkey-wrong-type>
   cmd = $pcp -V $vault -P -I testpubkey-wrong-type
   expect = /key type is not PUBLIC/
@@ -482,8 +467,8 @@ disabled, need to re-design invalidkeys.c in order to catch up with new format
   cmd = $pcp -V $vault -P -I testpubkey-wrong-version
   expect = /unknown key version/
 </test>
-
 */
+</test>
 
 <test check-vault-invalid-header>
     prepare = ./invalidkeys